FortiMail
pchee
Staff
Article Id 398960
Description

This article describes how to configure FortiMail so that FortiSIEM correctly parses the syslog messages it receives from FortiMail over TCP.

Scope

FortiMail v7.6.x.
Solution

For syslog messages from FortiMail to be parsed correctly across CR LF (Windows), LF (Unix), and CR (Macintosh) line breaks, the following configuration is required:

  1. Navigate to Log & Report -> Log Setting -> Remote.
  2. Select the button '+ New'.
  3. Fill in the Name and Server name/IP.
  4. Protocol -> Syslog.
  5. Mode -> TCP (Legacy).

 

With this setting, FortiMail uses Non-Transparent-Framing (LF-terminated messages) when sending syslog over TCP, so that the syslog messages can be parsed correctly.
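What LF-terminated framing means on the collector side, as an added Python example that is not Fortinet or FortiSIEM code: a TCP read can end in the middle of a message, so the receiver has to buffer bytes and cut messages at each LF. It goes beyond the article by also accepting octet-counted frames, the other framing defined in RFC 6587; the class name, the `MAX_MSG` cap and the sample lines are assumptions constructed for illustration.

```python
# Added example, not Fortinet code. MAX_MSG is an assumed cap on buffered bytes.
MAX_MSG = 64 * 1024


class SyslogTcpFramer:
    """Buffer arbitrary TCP read chunks and return whole syslog messages."""

    def __init__(self):
        self.buf = b""

    def feed(self, chunk):
        self.buf += chunk
        out = []
        while self.buf:
            msg = self._counted() if self.buf[:1].isdigit() else self._lf()
            if msg is None:  # frame incomplete: wait for the next chunk
                break
            if msg:  # ignore empty frames such as a bare LF
                out.append(msg)
        if len(self.buf) > MAX_MSG:
            raise ValueError("no frame terminator within MAX_MSG bytes")
        return out

    def _lf(self):
        # Non-transparent framing: message ends at LF; a CR before it is dropped.
        nl = self.buf.find(b"\n")
        if nl == -1:
            return None
        msg, self.buf = self.buf[:nl].rstrip(b"\r"), self.buf[nl + 1:]
        return msg

    def _counted(self):
        # Octet-counting: "LEN SP MSG" with no terminator after MSG.
        sp = self.buf.find(b" ")
        head = self.buf if sp == -1 else self.buf[:sp]
        if not head.isdigit():  # leading digits were not a length prefix
            return self._lf()
        if sp == -1:
            return None
        end = sp + 1 + int(head)
        if end > MAX_MSG:
            raise ValueError("declared frame length exceeds MAX_MSG")
        if len(self.buf) < end:
            return None
        msg, self.buf = self.buf[sp + 1:end], self.buf[end:]
        return msg


# Constructed sample: two LF-terminated messages cut at arbitrary TCP boundaries.
SAMPLE = [b"<190>constructed me", b"ssage one\n<190>constru", b"cted message two\r\n"]
```

Feeding each element of `SAMPLE` to one `SyslogTcpFramer` instance returns nothing for the first chunk and one complete message for each of the next two.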
